COOP and Disaster Recovery with Symantec


Agenda

1. Setting the Stage
2. Evolving Continuity Landscape
3. Proven Approach to Succeed
4. Symantec Solution Overview
5. Conclusions and Recommendations

2007 Symantec Corporation, All Rights Reserved

"The current homeland security environment with the continuing threat of mass casualty terrorism and the constant risk of natural disasters now demands that the Federal government actively prepare and encourage the Nation as a whole to plan, equip, train, and cooperate for all types of future emergencies, including the most catastrophic."
The White House, Lessons Learned from Katrina, February 2006

"Homeland security will get renewed focus, but on different priorities, with increased funding for natural disaster relief and preparation. The health IT market will also receive a boost with spending projected to increase steadily over the next five years."
INPUT Forecasts Federal IT Spending to Surpass $93 Billion by FY11, March 26, 2006

COOP/DR: What Is the Difference between Continuity of Operations and Disaster Recovery?

The terms are often used interchangeably, but there are key differences.

CONTINUITY OF OPERATIONS (COOP): Process of developing advance arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions continue with planned levels of interruption or essential change.

DISASTER RECOVERY (DR): Process of developing advance plans and procedures enabling an organization to respond to a disruptive event and restore the Information Technology infrastructure supporting critical business functions.

Similar terms: Contingency Planning, Business Resumption Planning

BC/DR Industry View: Key Definitions

RECOVERY REQUIREMENTS: The resources needed to support a critical business unit's essential functions in the event of a disaster. Recovery Requirements should include manual work tools such as forms and work in progress (WIP) and extend to the supporting applications and technology infrastructure. Care should be given to account for specialized needs such as magnetic printers or imaging devices.

Customer Perspective: Recovery Time & Objective

[Figure: solution layers shown against RPO/RTO and INVESTMENT, across Low-Level SLA, Medium-Level SLA and High-Level SLA. Layer labels: Security Management (Firewall, IPS/IDS, Critical Systems Protection, Encryption, VM, AV); Data Protection (Backup, Recovery, Vaulting); Local Clustering (HA), Online Volume Management, Storage Checkpoints, Point-in-Time Copies; Replication and Remote Mirroring; Global Clustering. Other labels: Security, Backup, Vaulting, LAN Clustering, WAN Clustering, Asynchronous Replication, Synchronous Replication.]

Ongoing Challenges for Achieving Operational Continuity

[Figure labels: Cost, Risk, Security, Availability, Performance, Security Threats, Continuity, Compliance, Complexity; infrastructure tiers: Web Server, Application, Database, Server, Storage.]

List of IT Risks That Create Outages Is Growing

Business Risk
- Other Risks: Market risk, Credit risk, Interest rate risk, Currency risk
- Operational Risks
  - Non-IT Risks: Business process, People and talent, Environment, Physical infrastructure
  - IT Risks
    - Security Risk: Computer crimes, Internal breaches, Cyber terrorism
    - Availability Risk: Configuration changes, Lack of redundancy in architectures, Human errors
    - Performance Risk: Distributed architectures, Peak demand, Heterogeneity in the IT landscape
    - Scalability Risk: Business growth, Provisioning bottlenecks, Siloed architectures
    - Recoverability Risk: Hardware and/or software failures, External threats such as security, Natural disasters
    - Compliance Risk: Government regulations, Corporate governance guidelines, Internal policy

IT Risks for a Government Tax Collection Organization

- Security Risk (Identity Theft): Unauthorized access to or compromise of citizen data stored on the network.
- Availability Risk (Inability to Process Transactions): System or network failure interrupts the ability to process transactions.
- Performance Risk (Form Entry Bottleneck): Citizens can't transmit their returns or check refund status during peak season because of access bottlenecks in the infrastructure.
- Scalability Risk (Inability to Handle Demand): Systems unable to handle unforecasted growth in electronic submissions.
- Recoverability Risk (Non-Reconciliation of Accounts): Data center disaster results in transaction loss. Loss of data results in incomplete reconciliation of accounts.
- Compliance Risk (Procedural Compliance): Inability to audit who accessed what and validate that internal procedures and external guidance have been followed.

Must address all to achieve operational continuity.

Case Development

Get the problem statement right: recovery objectives
- Start with the most severe threat your organization faces:
  - Natural disaster
  - Intentional acts by third parties
- Have a neutral facilitator work with operations staff to determine objectives
- Work to determine recovery objectives for agency operation, not the technology
- Have a senior executive approve objectives

Get the capabilities right: account for delays

Case Development Continued

- Lay Out Objectives: Government organizations must be able to execute mission critical functions at all times and under all conditions.
- Establish Capabilities: Given today's resources we can..
- Develop Alternative Courses of Action: We can continue mission critical applications by splitting them into multiple locations.
- Align Service Level Agreements (SLA) with Appropriate Organizations

Case Development - Example

FEDERAL PREPAREDNESS CIRCULAR (FPC 65), FEMA, July 1999

Planning Considerations:
- Must be maintained at a high level of readiness;
- Must be capable of implementation both with and without warning;
- Must be operational no later than 12 hours after activation;
- Must maintain sustained operations for up to 30 days; and,
- Should take maximum advantage of existing agency field infrastructures.

This Federal Preparedness Circular (FPC) provides guidance to Federal Executive Branch departments and agencies for use in developing viable and executable contingency plans for the continuity of operations (COOP). This FPC is distributed to the heads of Federal departments and agencies, senior policy officials, emergency planners, and other interested parties.

Case Development - Example

FEDERAL PREPAREDNESS CIRCULAR (FPC 65), FEMA, June 2004

a. Must be capable of implementation both with and without warning;
b. Must be operational within a minimal acceptable period of disruption for essential functions, but in all cases within 12 hours of COOP activation;
c. Must be capable of maintaining sustained operations until normal business activities can be reconstituted, which may be up to 30 days;
d. Must include regularly scheduled testing, training, and exercising of agency personnel, equipment, systems, processes, and procedures used to support the agency during a COOP event;
e. Must provide for a regular risk analysis of current alternate operating facility(ies);
f. Must locate alternate operating facilities in areas where the ability to initiate, maintain, and terminate continuity operations is maximized;

FPC 65 Continued

g. Should consider locating alternate operating facilities in areas where power, telecommunications, and internet grids would be distinct from those of the primary;
h. Should take maximum advantage of existing agency field infrastructures and give consideration to other options, such as telecommuting locations, work-at-home, virtual offices, and joint or shared facilities;
i. Must consider the distance of alternate operating facilities from the primary facility and from the threat of any other facilities/locations (e.g., nuclear power plants or areas subject to frequent natural disasters); and
j. Must include the development, maintenance, and annual review of agency COOP capabilities using a multi-year strategy and program management plan. The multi-year strategy and program management plan will outline the process the agency will follow to: [More]

Operational Vigilance: Key Steps

- Update objectives at least once a year using the same business approach methodology
- Update the capabilities report after significant technology changes, each test and each real incident
- Present an update on the gap between business requirements to prevent risk and loss and current capabilities, and provide solution options
- Maintain consistent methodology and consistent reporting
- Document, document, document

After Action Reporting Tips

When recovery goes:
- BETTER than expected: Report it! Be the hero!
- AS expected: Report it! Call attention to how well you understand meeting business requirements with technology investment, planning and staff capabilities
- LESS than expected: Report it! Show real-world results & how investment should be made to improve recovery times

Recovery Objectives Methodology Challenges

- Lack of common definitions
- IT staff trying to facilitate a business decision
- Absence of education on the balance between process and technology solutions
- Lack of understanding that disasters are supposed to cost money and be uncomfortable and incur some loss

Capabilities Assessment Methodology Issues

- Not accounting for the time it takes to:
  - Identify a potential problem
  - Make a go/no go decision to relocate
- Absence of critical staff
- Time it takes to deploy staff and assets
- Technology failures (25% of all media typically bad at time of incident; etc.)

Business Case Development: Pitfalls to Avoid

Objectives developed with:
- Limited or no involvement from agency operations staff
- No involvement from agency executives
- Inconsistent definitions
- "What do you want" approach vs. "what you need to prevent X loss?"

Capabilities:
- Reported as too ambitious
- Not realistic

Presented:
- In technology terms instead of business terms
- As availability you get for $$ spent instead of reduction of bankruptcy risk for $$ invested
- Requested capital vs. delivering strategy options

Symantec Continuity of Operations Solutions Overview

Continuity of Operations Solutions from Symantec

- Prevention: Protect Against and Prevent Data Loss and Downtime. Avoid outages via proactively monitoring threats and patch management policies.
- Remediation: Fix the Problem. Identify systems to patch, points of attack, application failures, and data loss.
- Recovery: Reach RTOs/RPOs. Restore data and application services to meet business recovery time objectives (RTO) and recovery point objectives (RPO).

Continuity of Operations from Symantec Spans from Prevention to Remediation to Recovery

[Figure: Business Continuity cycle with stages Prevention, Remediation and Recovery, and an Internet element. Text in the figure:
- Vulnerability Identified and/or Infrastructure Instrumentation & Early Warnings Sent
- Vulnerability Proactively Blocked, Application Failed Over
- Availability of Application, Systems, and Data Assured
- Reports on attacks and outages; updates to policies and SLAs; archiving for audit
- Identification of Systems to Patch, Points of Attack, Application Failures, Data Loss
- Patches & Updates Implemented Across Infrastructure; Applications Recovered; Data Restored]

Continuity of Operations from Symantec Spans from Prevention to Remediation to Recovery

[Figure: the Prevention, Remediation and Recovery cycle (Internet; reports on attacks and outages; updates to policies and SLAs; archiving for audit; RTO/RPO steps) annotated with products:
- Symantec DeepSight Threat Mgmt System and Alert Services
- Symantec Managed Security Services
- VERITAS Business Continuity Management Service
- Performance Management/i3 Suite
- Symantec Client Security
- Symantec Gateway Security
- Symantec Network Security
- VERITAS NetBackup (or VERITAS Backup Exec)
- VERITAS Storage Foundation
- VERITAS Volume Replicator
- VERITAS Cluster Server
- Symantec Backup Exec System Recovery
- Symantec ESM
- Symantec Incident Manager
- Symantec LiveState Client Management Suite
- VERITAS Provisioning Manager]

Continuity of Operations Solution Capabilities

Challenge: Protect against and prevent data loss and downtime
Symantec Solution: Characterize threats, deploy policies for shielding, patch management, deploy mitigation efforts

Challenge: Fix the Problem
Symantec Solution: Conduct root-cause analysis; isolate application, systems, data problems; identify points of attack, patches

Challenge: Reach RTO/RPOs
Symantec Solution: Invest in just-enough business continuity, monitor continuously, tune and test

Choose the Correct Configuration

- Align Continuity of Operations objectives with business and risk management requirements
  - If not, your solutions can cost more than they should
- Present your case in risk management terms
  - Secure needed funding, protect mission critical applications, and reset unreasonable SLAs
- Compliance guidance can be met
  - Avoid the fear factor

RTO/RPO: Realtime, 2-24 hour, 24+ hours

Conclusions & Recommendations

Issues with Continuity of Operations

- Misaligned recovery objectives
- Budgets don't align with SLAs
- Compliance is costly

Recommendation: Comprehensive Planning
- Match objectives with requirements
- Negotiate SLAs first
- Build recoverable environments
- Document for compliance

Issues with Continuity of Operations

- Unclear recovery capabilities
- App & network dependencies
- Unclear recovery definition

Recommendation:
- Generate SLA on recovery configurations
- Document and test all applications and connectivity requirements
- SLA to business users on restoring business processes

Do's and Don'ts in the Real World

- Structure tests to pass
- Make assumptions as to what is available
- Rely on just data availability

Recommendation:
- Push tests to failure
- Test in real life environment
- Understand agency process and include all resources

Do's and Don'ts in the Real World

- Single Points of Failure
- Cross-train staff
- RTO for agency functions

Recommendation:
- Work through all dependencies
- Train staff at recovery site
- Include agency functions and not just technology

Why Symantec Has the Best Solutions

From a leading vendor, the ability to:
- Prevent, remediate and recover from security risks and downtime of applications and data
- Span a heterogeneous environment from client to storage/systems
- Easily tailor solution to availability and/or uptime commitments
- No compromising on product quality

Thank You!

Skip Farmer
Skip_farmer@symantec.com

2006 Symantec Corporation. All rights reserved. THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE.